diff options
| author | tb <> | 2023-11-28 13:19:04 +0000 |
|---|---|---|
| committer | tb <> | 2023-11-28 13:19:04 +0000 |
| commit | 2ef851529997e0374d16c3733749d9cfb616a768 (patch) | |
| tree | b2aa716815fa7c1b8c0f2e5c5547467a8e108baf /src | |
| parent | 94f79d473365fa39d5c97755523e59bd8053d85d (diff) | |
| download | openbsd-2ef851529997e0374d16c3733749d9cfb616a768.tar.gz openbsd-2ef851529997e0374d16c3733749d9cfb616a768.tar.bz2 openbsd-2ef851529997e0374d16c3733749d9cfb616a768.zip | |
Switch to legacy method late in tls13_use_legacy_stack()
If memory allocation of s->init_buf fails in ssl3_setup_init_buffer()
during downgrade to the legacy stack, the legacy state machine would
resume with an incorrectly set up SSL, resulting in a NULL dereference.
The fix is to switch to the legacy method only after the SSL is fully
set up. There is a second part to this fix, which will be committed
once we manage to agree on the color of the bikeshed.
Detailed analysis and patch from Masaru Masuda, many thanks!
https://github.com/libressl/openbsd/issues/146
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 1d6a5a1299..e9aca070e9 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.40 2022/11/26 16:08:56 tb Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.41 2023/11/28 13:19:04 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -322,8 +322,6 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) | |||
| 322 | 322 | ||
| 323 | memset(&cbb, 0, sizeof(cbb)); | 323 | memset(&cbb, 0, sizeof(cbb)); |
| 324 | 324 | ||
| 325 | s->method = tls_legacy_method(); | ||
| 326 | |||
| 327 | if (!ssl3_setup_init_buffer(s)) | 325 | if (!ssl3_setup_init_buffer(s)) |
| 328 | goto err; | 326 | goto err; |
| 329 | if (!ssl3_setup_buffers(s)) | 327 | if (!ssl3_setup_buffers(s)) |
| @@ -370,6 +368,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) | |||
| 370 | s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); | 368 | s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); |
| 371 | s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; | 369 | s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; |
| 372 | 370 | ||
| 371 | /* | ||
| 372 | * Only switch the method after initialization is complete | ||
| 373 | * as we start part way into the legacy state machine. | ||
| 374 | */ | ||
| 375 | s->method = tls_legacy_method(); | ||
| 376 | |||
| 373 | return 1; | 377 | return 1; |
| 374 | 378 | ||
| 375 | err: | 379 | err: |